This is the README for the Intel SGX port of libgmp*. For the original README for the GMP Library, see README_GMP.
For more information about this project, see the accompanying article "Building the GNU* Multiple Precision* Arithmetic Library for Intel® Software Guard Extensions".
This project is a proof-of-concept modification of the GNU* Multiple Precision Arithmetic Library as an Intel SGX trusted library. It is intended to serve as an example of how a relatively complex library can be adapted to work as a trusted library for Intel SGX enclaves. This project focuses on the first steps when doing such a port:
-
Integrating Intel SGX into the target library's build system.
-
Making a first-pass at the library to address code segments that are not compatible with the Intel SGX trusted C library.
This project produces a functional, trusted GMP library that can be used in an Intel SGX enclave, but comes with the following caveats:
-
The library's full functionality has not been tested.
-
No effort has been made to tune the performance of the library for Intel SGX enclaves.
-
GMP's I/O routines have been excluded (specifically, code modules that read stdin or write to stdout).
-
The build checks and speed test applications are not available when building as a trusted library as this would require writing enclave-aware versions of the utilities.
This is based on GMP 6.1.2 which was the latest version available as of October 4th, 2018.
This project was built and tested with the following configuration:
- Ubuntu* Linux* 16.04, 18.04
- CentOS* Linux 7.4
- Intel SGX SDK v2.3.1
Other Intel SGX capable operating systems may work, but have not been tested.
You can build both the stock (complete) GMP library and its associated utilities, or the Intel SGX trusted library from the same build system. It's recommended that you build GMP without SGX support first to ensure you have all the prerequisites: GMP requires the bison and texinfo packages, which are not normally installed by default.
To configure the Intel SGX trusted library, use the following arguments to configure:
configure --enable-sgx --enable-static --disable-shared --enable-assembly --prefix=install_dir
A sample wrapper around configure
has been provided in sgx-configure
.
You will need to have the Intel SGX SDK in your PATH, or in a location that the configuration script will be able to detect (e.g., /opt/intel/sgxsdk
).
To build, run make
:
$ make
The trusted library will be named libsgx_tgmp.a
.
make install
works for both the trusted and stock GMP library builds, and you can install both libraries to the same location.
See the sgx-configure
script for an example set of build options. This build is set to install GMP in /opt/libgmp/version
, enable assembly code loops, and enable Intel SGX.
See README_GMP for details.